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REMARKS 

Claims 24-54 were examined and reported in the Office Action. Claims 24-54 are 
rejected. Claims 25, 32 and 45 are canceled. Claims 24, 26, 30, 33, 43 and 46 are 
amended. Claims 24, 26-31, 33-44 and 46-54 remain. 

Applicant requests reconsideration of the application in view of the following 
remarks. 

I. 35 US.CS 102(e) 

It is asserted in the Office Action that claims 24-26, 28-30, 32, 33, 35-38, 43, 45, 46, 
and 48-50 are rejected under 35 U.S.C. § 102(e), as being anticipated by or, in the 
alternative, under 35 U.S.C. §103(a) as obvious over U. S. Patent No. 6,141,760 to Abadi 
et al. ("Abadi") in view of Menezes, "Handbook of Applied Cryptography," 1997, p. 390 
("Menezes"). Applicant respectfully traverses the aforementioned rejection for the 
following reasons. , 

According to MPEP §2131, '"[a] claim is anticipated only if each and every 
element as set forth in the claim is found, either expressly or inherently described, in a 
single prior art reference/ (Verdegaal Bros, v. Union Oil Co. of California, 814 R2d 628, 
631, 2 USPQ2d 1051, 1053 (Fed. Cir. 1987)). 'The identical invention must be shown in 
as complete detail as is contained in the ... claim/ (Richardson v. Suzuki Motor Co.. 868 
F.2d 1226, 1236, 9 USPQ2d 1913, 1920 (Fed. Cir. 1989)). The elements must be arranged 
as required by the claim, but this is not an ipsissimis verbis test, i.e., identity of 
terminology is not required. (In re Bond, 910 F.2d 831, 15 USPQ2d 1566 (Fed. Cir. 
1990))/' 

Applicant's amended claim 24 contains the limitations of "[a] method performed 
by a machine comprising: receiving a user password; receiving a user identification; 
receiving a name of an independent software application that requires a password for a 
user to use the software application; determining a specific randomly generated salt 
value only associated with the software application; computing a software application 
dependent password for a user, wherein the software application dependent password 
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depends on the user password, the user identification and the randomly generated salt 
value for the software application; and returning the software application dependent 
password to the software application, wherein a user does not need to one of remember 
the software application dependent password and record the software application 
dependent password as the software application dependent password is one of 
computed each time a user requests access to the software application and temporarily 
stored a first time the user requests access to the software application for a 
predetermined time period/' 

Applicant's amended claim 30 contains the limitations of "[a] method performed 
by a machine comprising: generating a hash from a particular randomly generated salt 
value associated with a specific software application and input data, the input data 
including a user identification and a strong password; generating a password from the 
hash; and returning the password to the software application to gain entry to the 
software application, wherein a user does not need to one of remember the software 
application dependent password and record the software application dependent 
password as the software application dependent password is one of computed each 
time a user requests access to the specific software application and temporarily stored a 
first time the user requests access to the specific software application for a 
predetermined time period." 

Applicant's amended claim 43 contains the limitations of "[a] program storage 
device readable by a machine comprising instructions that cause the machine to: 
generate a hash from a particular randomly generated salt value associated with a 
specific software application and input data, the input data including a user 
identification and a strong password; generate a password from the hash; and return 
the password to a user to gain entry to the software application, wherein the user does 
not need to one of remember the software application dependent password and record 
the software application dependent password as the software application dependent 
password is generated each time a user requests access to the specific software 
application." 
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Abadi discloses generating passwords for password controlled access points. 
Abadi uses a master password, an access password and a user name. The master 
password, service name and user name are combined using an irreversible function, 
e.g., a hash function, to generate a unique password. Abadi, however, does not teach, 
disclose or suggest "determining a specific randomly generated salt value only 
associated with the software application; ... wherein a user does not need to one of 
remember the software application dependent password and record the software 
application dependent password as the software application dependent password is 
one of computed each time a user requests access to the software application and 
temporarily stored a first time the user requests access to the software application for a 
predetermined time period/" "generating a hash from a particular randomly generated 
salt value associated with a specific software application and input data, the input data 
including a user identification and a strong password; generating a password from the 
hash; ... wherein a user does not need to one of remember the software application 
dependent password and record the software application dependent password as the 
software application dependent password is one of computed each time a user requests 
access to the specific software application and temporarily stored a first time the user 
requests access to the specific software application for a predetermined time period/' or 
"generate a hash from a particular randomly generated salt value associated with a 
specific software application and input data, the input data including a user 
identification and a strong password; . . . wherein the user does not need to one of 
remember the software application dependent password and record the software 
application dependent password as the software application dependent password is 
generated each time a user requests access to the specific software application." 

Therefore, since Abadi does not disclose, teach or suggest all of Applicant's 
amended claims 24, 30 and 43 limitations, Applicant respectfully asserts that a prima 
facie rejection under 35 U.S.C. § 102(e) has not been adequately set forth relative to 
Abadi. Thus, Applicant's amended claims 24, 30 and 43 are not anticipated by Abadi. 
Additionally, the claims that directly or indirectly depend on claims 24, 30 and 43, 
namely claims 26 and 28-29, 33 and 35-38, and 46 and 48-50, respectively, are also not 
anticipated by Abadi for the same reason. 
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Menezes discloses basic encryption techniques, such as slowing down password 
mapping, salting passwords and extending passwords to passphrases. Menezes, 
however, does not teach, disclose or suggest "determining a specific randomly 
generated salt value only associated with the software application; ... wherein a user 
does not need to one of remember the software application dependent password and 
record the software application dependent password as the software application 
dependent password is one of computed each time a user requests access to the 
software application and temporarily stored a first time the user requests access to the 
software application for a predetermined time period," "generating a hash from a 
particular randomly generated salt value associated with a specific software application 
and input data, the input data including a user identification and a strong password; 
generating a password from the hash; . . . wherein a user does not need to one of 
remember the software application dependent password and record the software 
application dependent password as the software application dependent password is 
one of computed each time a user requests access to the specific software application 
and temporarily stored a first time the user requests access to the specific software 
application for a predetermined time period," or "generate a hash from a particular 
randomly generated salt value associated with a specific software application and input 
data, the input data including a user identification and a strong password; ... wherein 
the user does not need to one of remember the software application dependent 
password and record the software application dependent password as the software 
application dependent password is generated each time a user requests access to the 
specific software application." 

Therefore, since Menezes does not disclose, teach or suggest all of Applicant's 
amended claims 24, 30 and 43 limitations, Applicant respectfully asserts that a prima 
facie rejection under 35 U.S.C § 102(e) has not been adequately set forth relative to 
Menezes. Thus, Applicant's amended claims 24, 30 and 43 are not anticipated by 
Menezes. Additionally, the claims that directly or indirectly depend on claims 24, 30 
and 43, namely claims 25-26 and 28-29, 32, 33 and 35-38, and 45-46 and 48-50, 
respectively, are also not anticipated by Menezes for the same reason. 
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Accordingly, withdrawal of the 35 U.S.C. § 102(b) rejections for claims 24-26, 28- 
30, 32, 33, 35-38, 43, 45, 46, and 48-50 are respectfully requested. 

n. 35 U.S.C. 6 103(a) 

A. It is asserted in the Office Action that claim 27 is rejected in the Office Action 
under 35 U.S.C § 103(a) as being unpatentable over Abadi in view of Menezes as 
applied to claim 25 above, and further in view of Ui>. Patent No. 5,719,941 issued to 
Swift et al. ('Swift"). Applicant respectfully traverses the aforementioned rejection for 
the following reasons. 

According to MPEP §2142 "[t]o establish a prima facie case of obviousness, three 
basic criteria must be met First, there must be some suggestion or motivation, either in 
the references themselves or in the knowledge generally available to one of ordinary 
skill in the art, to modify the reference or to combine reference teachings. Second, there 
must be a reasonable expectation of success. Finally, the prior art reference (or 
references when combined) must teach or suggest all the claim limitations. The 
teaching or suggestion to make the claimed combination and the reasonable expectation 
of success must both be found in the prior art, and not based on applicant's disclosure." 
QnreVaeck. 947 F.2d 488, 20 USPQ2d 1438 (Fed. Or. 1991)). Further, according to 
MPEP §2143,03, "[t]o establish prima facie obviousness of a claimed invention, all the 
claim limitations must be taught or suggested by the prior art. fin re Royka, 490 F.2d 
981, 180 USPQ 580 (CCPA 1974)/' "All words in a claim must be considered in judging the 
patentability of that claim against the prior art." fin re Wilson. 424 F.2d 1382, 1385, 165 
USPQ 494, 496 (CCPA 1970), emphasis added.) 

As discussed above in section I, neither Abadi nor Menezes teach, disclose or 
suggest the limitations contained in amended claim 24, from which claim 27 directly 
depends, of "determining a specific randomly generated salt value only associated with 
the software application; ... wherein a user does not need to one of remember the 
software application dependent password and record the software application 
dependent password as the software application dependent password is one of 
computed each time a user requests access to the software application and temporarily 



Application No. 09,753,257 
Page 12 

stored a first time the user requests access to the software application for a 
predetermined time period." 

Swift discloses a method for changing an account password stored at a 
physically remote location. A user submits both an old and a new password to its client 
machine and the client computes two message values. The first message is computed 
by encrypting the new password using a one-way hash of the old password as an 
encryption key. The second message is computed by encrypting the one-way hash of 
the old password using a one-way hash of the new clear text password as the 
encryption key. The server computes a first decrypted value by decrypting the first 
message using the one-way hash of the old password, previously stored at the server, as 
the decryption key. The server computes a second decrypted value by decrypting the 
second message using a one-way hash of the first decrypted value as the decryption 
key. The server compares the decrypted one-way hashed value, transmitted in 
encrypted form in the second message, to the pre-stored hashed old password. If the 
two values are equal, then the server replaces the old password by the new password. 

Swift, however, does not teach, disclose or suggest "determining a specific 
randomly generated salt value only associated with the software application; ... 
wherein a user does not need to one of remember the software application dependent 
password and record the software application dependent password as the software 
application dependent password is one of computed each time a user requests access to 
the software application and temporarily stored a first time the user requests access to 
the software application for a predetermined time period." 

Therefore, even if Abadi and Menezes were pombined with Swift, the resulting 
invention would still not include all of Applicant's claimed limitations. Since neither 
Abadi, Menezes, Swift nor the combination of the three, teach, disclose or suggest all 
the limitations of Applicant's amended claim 24, as listed above, there would not be any 
motivation to arrive at Applicant's claimed invention. Thus, Applicant's amended 
claim 24 is not obvious over Abadi in view of Menezes and further in view of Swift 
since a prima facie case of obviousness has not been met under MPEP §2142. 
Additionally, the claim that indirectly depends from amended claim 24, namely claim 
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27, would also not be obvious over Abadi in view of Menezes and further in view of 
Swift for the same reason. 

Accordingly, withdrawal of the 35 U.S.C. § 103(a) rejection for claim 27 is 
respectfully requested. 

B. It is asserted in the Office Action that claims 31 and 44 are rejected in the Office 
Action under 35 U.S.C. § 103(a) as being obvious over U.S. Patent No. 6,141,760 to 
Abadi et al. in view of Menezes, and further in view of U. S. Patent No. 6,006,333 issued 
to Nielson ("Nielson"). Applicant respectfully traverses the aforementioned rejection 
for the following reasons. 

Applicant's claim 3 1 directly depends on amended claim 30. Applicant's claim 44 
directly depends on amended claim 43. Applicant has discussed Abadi and Menezes above in 
section I regarding amended claims 30 and 43. 

Nielsen discloses a user operating a client system can access multiple remote 
servers that each require distinct passwords with a master password. Nielsen, 
however, does not teach, disclose or suggest "generating a hash from a particular 
randomly generated salt value associated with a specific software application and input 
data, the input data including a user identification and a strong password;. . . wherein a 
user does not need to one of remember the software application dependent password 
and record the software application dependent password as the software application 
dependent password is one of computed each time a user requests access to the specific 
software application and temporarily stored a first time the user requests access to the 
specific software application for a predetermined time period" or "generate a hash from 
a particular randomly generated salt value associated with a specific software 
application and input data, the input data including a user identification and a strong 
password;... wherein the user does not need to one of remember the software 
application dependent password and record the software application dependent 
password as the software application dependent password is generated each time a 
user requests access to the specific software application/' 
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Therefore, even if Abadi and Menezes were combined with Nielsen, the resulting 
invention would still not include all of Applicant's claimed limitations. Since neither 
Abadi, Menezes, Swift nor the combination of the three, teach, disclose or suggest all 
the limitations of Applicant's amended claims 30 and 43, as listed above, there would 
not be any motivation to arrive at Applicant's claimed invention. Thus, Applicants 
amended claims 30 and 43 are not obvious over Abadi in view of Menezes and further 
in view of Nielsen since a prima facie case of obviousness has not been met under MPEP 
§2142. Additionally, the claims that directly depends from amended claims 30 and 43, 
namely claims 31, and 44, respectively, would also not be obvious over Abadi in view of 
Menezes and further in view of Nielsen for the same reason. 

Accordingly, withdrawal of the 35 U.S.C. § 103(a) rejection for claims 31 and 44 is 
respectfully requested. 

C. It is asserted in the Office Action that claims 39 and 51 are rejected in the Office 
Action under 35 U.S.C § 103(a) as being obvious over Abadi in view of Menezes, and 
further in view of U. S. Patent No. 6,064,736 issued to Davis et al. ('Davis "). Applicant 
respectfully traverses the aforementioned rejection for the following reasons. 

Applicant's claim 39 directly depends on amended claim 30. Applicant's claim 
51 directly depends on amended claim 43. Applicant has discussed Abadi and Menezes 
above in section I regarding amended claims 30 and 43. 

Davis discloses a two party key authentication and verification where data is 
allowed to flow between a client and a server after verification. Davis discloses that a 
nonce and the User ID of the client is sent to the server where the server creates a 
random secret value to be used in a DES algorithm to set up the encrypted session. The 
nonce in Davis, if compared to a randomly generated salt in Applicant's claimed 
invention, is not a particular nonce that is associated with a specific software 
application. In fact, since a nonce is based on time or can be a time stamp, it is hardly 
likely that a particular nonce could ever be associated with a specific software 
application repeatedly. Moreover, Davis does not teach, disclose or suggest 
"generating a hash from a particular randomly generated salt value associated with a 
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specific software application and input data, the input data including a user 
identification and a strong password;. . . wherein a user does not need to one of 
remember the software application dependent password and record the software 
application dependent password as the software application dependent password is 
one of computed each time a user requests access to the specific software application 
and temporarily stored a first time the user requests access to the specific software 
application for a predetermined time period" or "generate a hash from a particular 
randomly generated salt value associated with a specific software application and input 
data, the input data including a user identification and a strong password;... wherein 
the user does not need to one of remember the software application dependent 
password and record the software application dependent password as the software 
application dependent password is generated each time a user requests access to the 
specific software application." 

Therefore, since Davis does not disclose, teach or suggest all of Applicant's 
amended claims 30 and 43 limitations, Applicant respectfully asserts that a prima facie 
rejection under 35 U.S.C. § 102(e) has not been adequately set forth relative to Davis. 
Thus, Applicant's amended claims 30 and 43 are not anticipated by Davis. 
Additionally, the claims that directly or indirectly depend on claims 30 and 43, namely 
claims 39, and 51, respectively, are also not anticipated by Davis for the same reason. 

Accordingly, withdrawal of the 35 U.S.C § 103(a) rejection for claims 39 and 51 is 
respectfully requested. 

D, It is asserted in the Office Action that claims 40-42 and 52-54 are rejected in the 
Office Action under 35 U.S.C. § 103(a) as being obvious over Abadi in view of Menezes, 
and further in view of U.S. Patent Application No. 6,601,175 issued to Arnold et al. 
("Arnold"). Applicant respectfully traverses the aforementioned rejection for the 
following reasons. 

Applicant's claims 40-42 depend on amended claim 30. Claims 52-54 depend on 
amended claim 43. Applicant has discussed Abadi and Menezes above in section L 
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Arnold discloses a data processing system features are protected using a 
machine-specific limited-life password. The data processing system includes execution 
resources for executing a watchdog program, a limited-life value generator, and non- 
volatile storage that stores a machine-specific value partially derived from relatively 
unique information associated with the data processing system, such as a secret control 
password. The limited-life value can represent a timestamp that limits the duration that 
the machine-specific limited-life value is valid or a nonce that limits the number of 
times that the machine-specific limited-life value can be vised. Arnold, however, does 
not teach, disclose or suggest "generating a hash from a particular randomly generated 
salt value associated with a specific software application and input data, the input data 
including a user identification and a strong password;... wherein a user does not need 
to one of remember the software application dependent password and record the 
software application dependent password as the software application dependent 
password is one of computed each time a user requests access to the specific software 
application and temporarily stored a first time the user requests access to the specific 
software application for a predetermined time period" or "generate a hash from a 
particular randomly generated salt value associated with a specific software application 
and input data, the input data including a user identification and a strong password;. . . 
wherein the user does not need to one of remember the software application dependent 
password and record the software application dependent password as the software 
application dependent password is generated each time a user requests access to the 
specific software application." 

Therefore, even if Abadi and Menezes were combined with Arnold, the resulting 
invention would still not include all of Applicant's claimed limitations. Since neither 
Abadi, Menezes, Arnold nor the combination of the three, teach, disclose or suggest all 
the limitations of Applicant's amended claims 30 arid 43, as listed above, there would 
not be any motivation to arrive at Applicant's claimed invention. Thus, Applicant's 
amended claims 30 and 43 are not obvious over Abadi in view of Menezes and further 
in view of Arnold since a prima facie case of obviousness has not been met under MPEP 
§2142. Additionally, the claims that directly depends from amended claims 30 and 43, 
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namely claims 40-42, and 52-54, respectively, would also not be obvious over Abadi in 
view of Menezes and further in view of Arnold for the same reason. 

Accordingly, withdrawal of the 35 US.C. § 103(a) rejections for claims 40-42 and 
52-54 are respectfully requested. 



